Fortinet Single Sign On

Presentation on theme: "Fortinet Single Sign On" — Presentation transcript:

1 Fortinet Single Sign On
Course 301 – Secured Network Deployment and IPSec VPN

2 Module Objectives
By the end of this module participants will be able to:
- Describe how Windows login credentials can be used to authenticate users to the FortiGate device
- Configure Fortinet Single Sign On

3 Directory Services Authentication
[Diagram: user Kelly Miller logs on from the workstation "classroom" to a Directory Services Server (Windows Active Directory or Novell eDirectory)]

4 Directory Services Authentication
- User authenticates to Directory Services (Windows Active Directory or Novell eDirectory) at logon
- Authentication information is passed to the FortiGate unit
- User automatically gets access to permitted resources without any further authentication operations
- Uses Fortinet Single Sign On (FSSO), previously known as Fortinet Server Authentication Extensions (FSAE)
[Diagram: Directory Services Server (Windows Active Directory or Novell eDirectory)]

5 Fortinet Single Sign On
- Detects logon event
- Records workstation name, domain and user
- Resolves workstation name to IP address
- Determines groups user belongs to
- Sends logon information to the FortiGate unit
- Creates a log entry on the FortiGate unit
[Diagram: FSSO on a Windows Server next to a Windows Domain Controller; user Kelly Miller logging on from the workstation "classroom"]

6 Fortinet Single Sign On
- FSSO monitors which user is logged on to which workstation and passes that information to the FortiGate unit
- When the user tries to access a network resource, the FortiGate unit selects the appropriate firewall policy
- The user must belong to a permitted user group associated with that policy
[Diagram: FSSO on a Windows Server next to a Windows Domain Controller]
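The logon-to-policy flow described on slides 5 and 6, modelled as an added Python example (not Fortinet's code): the Collector Agent step resolves the workstation name, looks up group membership and builds the record sent to the FortiGate unit; the FortiGate step maps a source IP back to the logged-on user and selects a firewall policy by group. The logon events, DNS entries, group memberships and policies are constructed for this example, and one workstation deliberately has no DNS record to show that an unresolved name yields no FSSO record and therefore no single-sign-on access.

```python
from dataclasses import dataclass

# Constructed sample data: what the Collector Agent learns from the domain
# controller (logon events), DNS (name resolution) and the directory (groups).
LOGON_EVENTS = [
    {"workstation": "classroom", "domain": "EXAMPLE", "user": "kmiller"},
    {"workstation": "lab-pc7",   "domain": "EXAMPLE", "user": "jdoe"},
    {"workstation": "ghost-pc",  "domain": "EXAMPLE", "user": "tsmith"},  # no DNS record
]
DNS = {"classroom": "10.0.1.25", "lab-pc7": "10.0.1.77"}
DIRECTORY_GROUPS = {"kmiller": {"Staff", "Finance"}, "jdoe": {"Students"}, "tsmith": {"Staff"}}

@dataclass
class LogonRecord:
    ip: str
    principal: str   # DOMAIN\user as recorded from the logon event
    groups: set

def collector_process(events, dns, directory):
    """Collector Agent step: resolve workstation to IP, look up groups and
    build the records forwarded to the FortiGate unit, keyed by IP.
    An event whose workstation cannot be resolved produces no record."""
    records = {}
    for ev in events:
        ip = dns.get(ev["workstation"])
        if ip is None:
            continue   # cannot tie this logon to an address; nothing to send
        principal = f'{ev["domain"]}\\{ev["user"]}'
        records[ip] = LogonRecord(ip, principal, directory.get(ev["user"], set()))
    return records

# Constructed FortiGate firewall policies: (policy id, destination, permitted FSSO groups).
POLICIES = [
    (1, "finance-srv", {"Finance"}),
    (2, "internet", {"Staff", "Students"}),
]

def select_policy(fsso_table, src_ip, dest, policies=POLICIES):
    """FortiGate step: find the user behind the source IP in the FSSO table,
    then return the id of the first policy for that destination whose permitted
    groups include one of the user's groups. None means implicit deny: either
    no FSSO record exists for the address or no group matches."""
    rec = fsso_table.get(src_ip)
    if rec is None:
        return None
    for pid, policy_dest, groups in policies:
        if policy_dest == dest and rec.groups & groups:
            return pid
    return None
```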

7 Fortinet Single Sign On Components
[Diagram: FSSO components: a DC Agent on the Windows Domain Controller and a Collector Agent on a Windows Server]

8 Fortinet Single Sign On Components
Depending on the working mode chosen for monitoring user logon events, the following components may be installed:
- FSSO Collector Agent
- FSSO Domain Controller Agent
Two possible working modes:
- Domain Controller Agent mode
- Polling mode
[Diagram: DC Agent on the Windows Domain Controller, Collector Agent on a Windows Server]

9 Fortinet Single Sign On Domain Controller Agent Mode
[Diagram: a User Logon Event at the Windows Domain Controller is captured by the DC Agent and passed to the Collector Agent on the Windows Server]

10 Fortinet Single Sign On Domain Controller Agent Mode
- In this mode, a Domain Controller Agent is installed on each domain controller to monitor user logon events
- A Collector Agent installed on a Windows Server receives the logon event information from the DC Agent and forwards it to the FortiGate unit
- The FortiGate unit determines access based on the user's group membership and the firewall policies for the destination
[Diagram: User Logon Event at the Windows Domain Controller, DC Agent, Collector Agent on the Windows Server]

11 Fortinet Single Sign On Polling Mode
[Diagram: the Collector Agent on the Windows Server polls the Windows Domain Controller for User Logon Events]

12 Fortinet Single Sign On Polling Mode
- Polling mode does not require a Domain Controller Agent to be installed on each domain controller
- A Collector Agent installed on a Windows Server polls the domain controller for user logon information every few seconds and forwards it to the FortiGate unit

13 Domain Controller Mode versus Polling Mode
Polling mode:
- Might not be as reliable, since a poll might be missed under heavy system traffic
- Only one component needs to be installed, on one server
- FSSO in a Novell eDirectory environment works similarly to polling: the eDirectory agent polls the eDirectory server for user logon information and forwards it to the FortiGate unit
Domain Controller mode:
- An agent must be installed on every domain controller in the domain
- Each domain controller connection requires a guaranteed 64 kbps of bandwidth to ensure proper FSSO functionality

14 Fortinet Single Sign On Using NTLM Authentication
[Diagram: NTLM negotiation between the client and the FortiGate unit, with the Collector Agent on the Windows Server and the Windows Domain Controller]

15 Fortinet Single Sign On Using NTLM Authentication
- Fortinet Single Sign On can also provide NTLM authentication
- The FortiGate unit initiates an NTLM negotiation with the client browser
- The FortiGate unit forwards the NTLM packets to the Collector Agent for processing
- The FortiGate unit determines access based on the user's group membership and the firewall policies for the destination

16 Labs
Lab - Directory Service Authentication:
- Installing FSSO on the Windows server
- Configuring FSSO on the FortiGate unit
- Testing FSSO authentication

17 Student Resources
